package com.ymt.bpm.appboot;

/**
 * Created by Johnny on 2017/1/28.
 */
import com.ymt.bpm.web.WebJwtFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.core.Ordered;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.crypto.password.StandardPasswordEncoder;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import java.util.ArrayList;
import java.util.List;


@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    private Logger log = LoggerFactory.getLogger(this.getClass());

    /*@Autowired
    private RestAuthenticationSuccessHandler successHandler;*/

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        //http.csrf().csrfTokenRepository(new HttpSessionCsrfTokenRepository());
        http.headers().frameOptions().disable();
        http.authorizeRequests()
                .anyRequest().authenticated()
                .and()
                .jee()
                .mappableRoles("USERS")
                //.and()
                //.httpBasic()
                .and()
                .csrf().disable()
                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
                .and()
                .exceptionHandling().authenticationEntryPoint(getLoginUrlAuthenticationEntryPoint())
                .and()
                .formLogin().loginPage("/login")
                //.successHandler(successHandler)
                .permitAll();

        http.addFilterBefore(addWebJwtFilterBean(), UsernamePasswordAuthenticationFilter.class);
    }

    @Override
    public void configure(WebSecurity web) throws Exception {
        web.ignoring().antMatchers(
                "/admin/**",
                "/bpmp-engine/**",
                "/dd-mapp/**",
                "/ddisv/**",
                "/favicon.ico",
                "/logout",
                "/openapi/**",
                "/pages/**",
                "/servlet/**",
                "/bpmp-resources/**",
                "/fmd-resources/**");
    }

    @Autowired
    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {

    }

    @Bean
    public PasswordEncoder getPasswordEncoder() {
        if (log.isDebugEnabled()) {
            log.info("Using StandardPasswordEncoder as PasswordEncoder.");
        }
        return new StandardPasswordEncoder();
    }

    /**
     * mobile api filter
     * @return
     */
    /*@Bean
    public FilterRegistrationBean filterRegistrationBean() {
        FilterRegistrationBean registrationBean = new FilterRegistrationBean();
        WebJwtFilter filter = new WebJwtFilter();
        registrationBean.setFilter(filter);
        List<String> urlPatterns = new ArrayList<String>();
        urlPatterns.add("/");
        urlPatterns.add("/view/*");
        urlPatterns.add("/api/*");
        registrationBean.setUrlPatterns(urlPatterns);
        registrationBean.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return registrationBean;
    }*/

    @Bean
    public WebJwtFilter addWebJwtFilterBean() {
        return new WebJwtFilter();
    }

    private LoginUrlAuthenticationEntryPoint getLoginUrlAuthenticationEntryPoint() {
        LoginUrlAuthenticationEntryPoint ep = new LoginUrlAuthenticationEntryPoint("/login");
        ep.setUseForward(true);
        return ep;
    }
}